package org.eclipse.kura.internal.rest.security.provider;

import java.util.Optional;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.eclipse.kura.cloudconnection.request.RequestHandler;
import org.eclipse.kura.cloudconnection.request.RequestHandlerRegistry;
import org.eclipse.kura.internal.rest.security.provider.dto.DebugEnabledDTO;
import org.eclipse.kura.request.handler.jaxrs.DefaultExceptionHandler;
import org.eclipse.kura.request.handler.jaxrs.JaxRsRequestHandlerProxy;
import org.eclipse.kura.security.SecurityService;
import org.osgi.service.useradmin.UserAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/kura/internal/rest/security/provider/AbstractRestSecurityService.class */
public abstract class AbstractRestSecurityService {
    protected static final Logger logger = LoggerFactory.getLogger(AbstractRestSecurityService.class);
    protected static final String DEBUG_MESSAGE = "Processing request for method '{}'";
    protected static final String REST_ROLE_NAME = "security";
    protected static final String KURA_PERMISSION_REST_ROLE = "kura.permission.rest.security";
    protected SecurityService security;
    protected final RequestHandler requestHandler = new JaxRsRequestHandlerProxy(this);

    public void bindSecurityService(SecurityService securityService) {
        this.security = securityService;
    }

    public void bindUserAdmin(UserAdmin userAdmin) {
        userAdmin.createRole(KURA_PERMISSION_REST_ROLE, 2);
    }

    public void bindRequestHandlerRegistry(RequestHandlerRegistry requestHandlerRegistry) {
        try {
            requestHandlerRegistry.registerRequestHandler(getMqttAppId(), this.requestHandler);
        } catch (Exception e) {
            logger.warn("Failed to register {} request handler", getMqttAppId(), e);
        }
    }

    public void unbindRequestHandlerRegistry(RequestHandlerRegistry requestHandlerRegistry) {
        try {
            requestHandlerRegistry.unregister(getMqttAppId());
        } catch (Exception e) {
            logger.warn("Failed to unregister {} request handler", getMqttAppId(), e);
        }
    }

    public abstract String getMqttAppId();

    @Path("/security-policy-fingerprint/reload")
    @POST
    @Produces({"application/json"})
    @RolesAllowed({REST_ROLE_NAME})
    public Response reloadSecurityPolicyFingerprint() {
        try {
            logger.debug(DEBUG_MESSAGE, "reloadSecurityPolicyFingerprint");
            this.security.reloadSecurityPolicyFingerprint();
            return Response.ok().build();
        } catch (Exception e) {
            throw DefaultExceptionHandler.toWebApplicationException(e);
        }
    }

    @Path("/command-line-fingerprint/reload")
    @POST
    @Produces({"application/json"})
    @RolesAllowed({REST_ROLE_NAME})
    public Response reloadCommandLineFingerprint() {
        try {
            logger.debug(DEBUG_MESSAGE, "reloadCommandLineFingerprint");
            this.security.reloadCommandLineFingerprint();
            return Response.ok().build();
        } catch (Exception e) {
            throw DefaultExceptionHandler.toWebApplicationException(e);
        }
    }

    @GET
    @Produces({"application/json"})
    @Path("/debug-enabled")
    public DebugEnabledDTO isDebugEnabled(@Context ContainerRequestContext containerRequestContext) {
        if (containerRequestContext != null) {
            try {
                if (!Optional.ofNullable(containerRequestContext.getSecurityContext()).filter(securityContext -> {
                    return securityContext.getUserPrincipal() != null;
                }).isPresent()) {
                    throw new WebApplicationException(Response.Status.UNAUTHORIZED);
                }
            } catch (Exception e) {
                throw DefaultExceptionHandler.toWebApplicationException(e);
            }
        }
        logger.debug(DEBUG_MESSAGE, "isDebugEnabled");
        return new DebugEnabledDTO(this.security.isDebugEnabled());
    }
}
